By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

tool, but is actually a Trojan dropper, spreading rapidly via an email attachment.

The email campaign includes a message urging the recipient to test their systems using the Windows 7 Upgrade Advisor by opening the tool contained in an attached .zip file. Once the victim executes the file, the Trojan downloads and installs a backdoor, which can be used by an attacker to force download other malicious programs.

Catalin Cosoi, the head of BitDefender's Online Threats Lab, said the infection rate for this attack doubled in a period of three hours after it was first discovered. Infections consist of a key logger which will intercept passwords and other credentials and a program that gives the attacker the ability to access and use the machine as a bot, Cosoi said.

"Software for compatibility checking for Windows 7 is quite tempting for users," Cosol said in an interview with SearchSecurity.com. "People are interested in switching to this operating system because it's a more secure product and they want to know if their machine is compatible because Windows 7 requires more resources."

The email campaign is in English. Attacks were first detected in the United States and quickly spread to Germany, Cosol said. Attackers have been using malicious files in email campaigns to install key loggers that can lift bank credentials and other account information. The campaigns have been low in number to evade detection. But in the last several months, attackers seem to be using the campaigns to acquire computers as part of larger botnets, Cosol said.

Cybercriminals have used Microsoft in previous attack campaigns. In 2008, a fake Microsoft Patch Tuesday email circulated. In that same year, researchers at CA discovered a malicious program posing as a Windows Security Center. Once installed, the program informed users of non-existent infections. The program attempted to spread Windefender 2008, a fake spyware removal tool.

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy